Bill would bring stiff financial penalties for data breaches

Equifax may be facing various legal, regulatory, and financial consequences for the data breach that exposed the personal information of 145.5 million U.S. consumers, but two top Senate Democrats want there to be much stiffer penalties should any credit reporting agency, Equifax included, fail to protect consumer data again.

On Wednesday, Sens. Mark Warner, D-Virginia, and Elizabeth Warren, D-Mass., introduced a bill that would increase oversight of credit reporting agencies and allow the government to impose financial penalties on the agencies for failing to secure consumer data.

But under the terms of Warner and Warren’s bill, Equifax would have been subjected to a fine of at least $1.5 billion for the company’s failure to protect consumers’ personal information.

The bill, the Data Breach Prevention and Compensation Act, would establish an Office of Cybersecurity within the Federal Trade Commission that would be tasked with annual inspections and supervision of cybersecurity at the credit reporting agencies.

The bill would also impose mandatory liability penalties for breaches of consumer data beginning with a base penalty of $100 for each consumer who had one piece of personal identifying information compromised and another $50 for each additional PII compromised per consumer.

Considering how many people’s data was compromised in the Equifax data breach, the company would have been fined at least $1.5 billion under these rules.

But not all of the money would go straight to the government. In fact, half of the penalty amount would go to the affected consumers to compensate them for the impact of the breach.

According to Warren’s office, the bill would require the FTC to use 50% of the penalty to compensate consumers. The bill would also increase the penalties in cases of “woefully inadequate cybersecurity or if a CRA fails to timely notify the FTC of a breach.”

According to Warren’s office, the bill caps the penalty at a maximum of 50% of the credit reporting agency’s gross revenue from the prior year.

“In today’s information economy, data is an enormous asset. But if companies like Equifax can't properly safeguard the enormous amounts of highly sensitive data they are collecting and centralizing, then they shouldn't be collecting it in the first place,” Warner said in a statement. “This bill will ensure that companies like Equifax - which gather vast amounts of information on American consumers, often without their knowledge - are taking appropriate steps to secure data that's central to Americans’ identity management and access to credit.”

Warren, in her statement, suggested that Equifax may be actually be able to make money off of the breach, but said that the bill would put an end to situations like that.

“The financial incentives here are all out of whack - Equifax allowed personal data on more than half the adults in the country to get stolen, and its legal liability is so limited that it may end up making money off the breach,” Warren said. “Our bill imposes massive and mandatory penalties for data breaches at companies like Equifax - and provides robust compensation for affected consumers - which will put money back into peoples’ pockets and help stop these kinds of breaches from happening again.”

Ben Lane is the Senior Financial Reporter for HousingWire. In this role, he helps set a leading pace for news coverage spanning the issues driving the U.S. housing economy. Previously, he worked for TownSquareBuzz, a hyper-local news service. He is a graduate of University of North Texas.

This month inHousingWire magazine

[Subscribers only] Multigenerational living, where two or more adult generations live under the same roof, is becoming a growing trend in the U.S. Currently about 19% of Americans now live in a multigenerational household, the highest level since 1950. That amounts to about 60.6 million adults in 2014, up from 57 million adults in 2012. And homebuilders have taken notice, designing houses specifically catered to this segment.

Feature

Would-be homeowners are inundated with picture-perfect examples of new and remodeled homes brimming with upgrades. But in the real world, homebuilders and investors must calculate the rate of return on these sometimes fleeting trends, weighing what buyers want with what they can actually afford. This feature looks at which features buyers of different age demographics consider the most important, and what that means for sellers.

Commentary

We’ve found that the handling and posting of payments during bankruptcy has been a widespread issue in our testing environment. Specifically, there is increased risk exposure in pre-and post-petition payment application and treatment, both inside and outside of the bankruptcy plan. Servicers and sub-servicers have created manual workflow workarounds to address the issue, however, it does open the servicer up to more exposure to calculation errors.